Don't fchown when inheriting io

[crosbymichael]

This is a fix for rootless containers and general io handling. The
higher level systems must preparte the IO for the container in the
detach case and make sure it is setup correctly for the container's
process.

Replacement for #1349

Fixes detached use case for #774

Signed-off-by: Michael Crosby [email protected]

[rh-atomic-bot]

215/267 passed on RHEL - Failed.
215/267 passed on CentOS - Failed.
216/266 passed on Fedora - Failed.
Log - https://aos-ci.s3.amazonaws.com/opencontainers/runc/runc-integration-tests-prs/282/fullresults.xml

[cyphar]

Can we also drop the rootuid and rootuid arguments?

[williammartin]

Functionality works for us here in Garden-land against master and the rootless branch. Thanks @crosbymichael

[crosbymichael]

@cyphar updated

[cyphar]

After trying to run this under #774, I found that there's still two places where we're doing Fchown of stdio fds:

% git grep Fchown
libcontainer/init_linux.go:             if err := syscall.Fchown(int(fd), u.Uid, int(s.Gid)); err != nil {
libcontainer/process_linux.go:          if err := syscall.Fchown(int(fd), rootuid, rootgid); err != nil {

So if you create a root terminal sudo -E termite or sudo -E gnome-terminal and then do sudo -u cyphar ./runc --root /tmp/runc create ctr it will fail with EINVAL because it ends up trying to fchown the stdio to an unmapped user.

If you want I can fix this in #774 or we can figure out whether it's safe to delete that code too.

[crosbymichael]

@cyphar i can look at that independently also

[cyphar]

Reading over fixStdioPermissions it looks like the code isn't wrong but we should modify it so that it handles user namespaces properly (namely handle unmapped UIDs and GIDs).

[hqhq]

LGTM

[dqminh]

LGTM